Solved

Software Delpoyment using GPO

Posted on 2013-01-15
22
427 Views
Last Modified: 2013-01-16
Here is what I have done so far.

.Created an OU called it test.
.Created a user, called him test.
.Put the user test in the Test OU.
. Created a folder & shared the folder with everyone full access (just to be on the safe side).
.Download .MSI file for a program called 7-Zip.
.Put the file into the folder that I created and shared.
.Crated a new GOP, called it deployed 7zip, edit the GPO ( see attached snap shoot )
. GPO Settings. On client workstation did a gpupdate /force
.The gpupdate says it was competed successfully & User policy update has completed successfully. What it dose not do is ask me to reboot for the GPO to take affect.

Needless to say I reboot and the GPO doe not install the 7-zip.msi file.


What I'm I missing?
checked, re-checked and checked again and still no joy.
Can anyone tell me what I'm doing wrong? From what I have read and seem it should not be difficult to get this running.

Thank you all
0
Comment
Question by:noad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 6
  • 2
  • +2
22 Comments
 
LVL 4

Expert Comment

by:mprssjpr
ID: 38778326
In the GPO editor, right-click the '7-Zip GPO Software' policy, and link it to the domain.
0
 
LVL 19

Expert Comment

by:lamaslany
ID: 38778333
Unless I am mistaken the GPO needs to be applied to the OU the Computer is in rather than the OU the User is in...
0
 
LVL 7

Expert Comment

by:joensw
ID: 38778366
HI
Please try to Set the Group Policy setting under Computer Configuration -> Administrative Templates -> System ->  Logon -> Always wait for the network at computer startup and logon to Enabled.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 1

Author Comment

by:noad
ID: 38778376
mprssjpr

Why the domain GPO, I want it to go to a specific OU. I don't want it to apply to everyone.

can you explain?

Thanks
0
 
LVL 1

Author Comment

by:noad
ID: 38778384
lamaslany

I have applied both the computer and user to the test OU.
see the snap shoot. maybe I did it wrong? Can you take a look and verify for me?

Thanks
0
 
LVL 4

Expert Comment

by:mprssjpr
ID: 38778413
Noad - yes, I know it seems illogical, but that's how it works. When you right click it, and choose 'Link Enabled' and 'Enforced', you will see in the main pane that another item appears, with the name of the domain.

You will see in that columns of the main pane that the object is NOT enforced for the domain, only for the OU. If you don't link to the domain, the object is kind of...orphaned.
0
 
LVL 1

Author Comment

by:noad
ID: 38778423
joensw

do you mean to setup a GPO in the test OU and give it those settings?

If that is what you mean, I did it and still no joy, noting seems to be working!
I still can't see what I'm doing wrong...
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38778430
Read this to help troubleshoot the GPO:

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_11009-10-Ways-to-Troubleshoot-Group-Policy.html

The picture shows the software on the computer side. If so, you must have that linked to an ou containing computers.

You also don't need to list the computers and authenticated users on the security scope. Authenticated Users is every authenticated object (computers and users).
0
 
LVL 1

Author Comment

by:noad
ID: 38778440
mprssjpr

ok, I understand what you are saying, not sure exactly how to do it...
Can you plz explain it to me in more details.
Sorry....
Not thinking stright
0
 
LVL 1

Author Comment

by:noad
ID: 38778457
jmoody10

So you are saying to include or move the computer into the test OU?
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38778466
mprssjpr is wrong. The GPO can be linked to an OU specifically. It does not need to be enforced or link to the domain as well.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38778478
From your picture, you have the MSI loaded in Computer Config\Software Installation. Because of this, the GPO must apply to a computer. If you have the GPO linked to Test OU and the GPO applies to Authenticated Users, then a computer will need to be in the Test OU as well.

The user can be in any OU.

After moving the computer, restart once (because you moved the computer object). Restart once more (so that the GPO can be downloaded). Restart once more so that it can be applied.

You can also cut these restarts down by enabling "Always wait for the network at computer startup and logon". ComputerConfig\Admin Templates\System\Group Policy
0
 
LVL 19

Expert Comment

by:lamaslany
ID: 38778500
The Computer account needs to be in the Test OU.
0
 
LVL 1

Author Comment

by:noad
ID: 38778529
Guys
I understand what you are saying.
Sorry
My primary JOB is as a Paramedic on a Fire Dept.
I'm going on a call now, bit Willie PC to test OU and try it out ASAP

Thanks all
0
 
LVL 1

Author Comment

by:noad
ID: 38779225
jmoodly10

Ok
I tested what you explain and it did not work, here is what I did.
I added the computer to the test OU and removed the GPO link from the domain.
No joy, I added the GPO link back to the Domain and it worked.
I did this second test with a different computer.

While I more then agree with you that I should be able to set the GPO to different OU's, I must still be doing something wrong.

Any other ideas as to how I can correct it?

Thanks.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38779360
ok. Do this:

Link GPO back to Test OU only. On a client, run this command: gpresult /h Report.htm /f. Then right click on your GPO and select Save report.

Upload both files here.
0
 
LVL 1

Author Comment

by:noad
ID: 38779670
k
will do
0
 
LVL 1

Author Comment

by:noad
ID: 38779774
Jmoody10

I ran the command and got noting, I ran gpresult -r and got the following.
I do see where the GPO is added and as per your input I removed the GPO link form the Domain GPO. I even installed Flash this way and it worked....
Now I'm working on uninstalling the 7Zip file via the GPO and will try the same with other work stations on the network.

GPO  ( gpresult -r )
0
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 500 total points
ID: 38780046
If you go to C:\Users\Administrator, you can open the file named Report.htm
0
 
LVL 1

Author Comment

by:noad
ID: 38780434
Oh...
WOW, I'm way off today...

Regardless, you are correct. I was able to deploy to a win8 computer on the network that's on a different OU.
I will look into getting the report..

Thanks for all of your help.
0
 
LVL 1

Author Closing Comment

by:noad
ID: 38780438
Simple instruction to follow.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38782342
Not a problem!
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question